Nda.exe is a legitimate file pertaining to HP/Compaq Organize. Norton somehow mistakenly detects this script as malicious. You can read up about it
here.
Please read this post completely before begining the fix.
Right click on this & choose "Save As..." DelO15Domains.inf -
DelO15Domains.inf
Right click on
DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.
Host.zip - From within Host.zip, double click on
MVPS.bat & allow it to run.
Right click on this & select 'Save As' -
DNSManual.bat
Doubleclick on
DNSManual.bat & allow it to run.
SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button -
enable protection for all unprotected items
IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click
install.bat
Select Option #2 -
Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 -
Add the old porn sites domain
Save this on Desktop -
LQFix.zip
* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *
Do a HijackThis scan & place a check next to these items and select "Fix checked":
O4 - HKLM\..\Run: [dmopo.exe] C:\WINDOWS\system32\dmopo.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\Run: [MNTP] gabber.exe
O4 - HKLM\..\Run: [keybdll] Dest068.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.
* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *
Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
Please note any other programs that you dont recognize in that list in your next response
* * * * * * BATCHES / REG FIXES * * * * * * * * * * * * * * * * *
From within LQFix.zip, doubleclick
LQFix.bat
* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *
If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
- Tick - 'Show hidden files and folder'
- Untick - 'Hide file extensions for known types'
- Untick - 'Hide protected operating system files'
- Click Yes to confirm & then click OK
Locate and delete the following files/folders, if present:
- C:\WINDOWS\SYSTEM32\CSYQK.EXE
C:\WINDOWS\system32\dmopo.ex
C:\Program Files\AlfaCleaner\
C:\Windows\System32\intell321.exe
C:\Windows\System32\voi640.exe
C:\Windows\warnhp.html
c:\winstall.exe
C:\Windows\uninstDsk.exe
C:\Windows\System32\voi271.exe
* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *
Run
Cleanup! using the following configuration:
1. Click Options...
2. Set the slider initially to
Standard CleanUp!
3.
Uncheck the following:
- Delete Newsgroup cache
- Delete Newsgroup Subscriptions
- Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
Reboot to Normal Mode & post a new HJT log. Let me know how the machine behaves now.
__________________
Question - what have you done for the community today?